[FX.php List] * and login

Gjermund Gusland Thorsen ggt667 at gmail.com
Tue Oct 31 06:35:06 MST 2006


What is then the value of foundCount?

ggt667

On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> Hi everyone-
>
> I've realized that my login can easily be compromised!  Thankfully I
> figured this out early in the development process.
>
> If I enter * for username and * for password, it logs me in as the
> latest registered user.
>
> This is my search syntax:
>
>         $lookup=new FX($serverIP,$webCompanionPort,'FMPro7');
>         $lookup->SetDBData('Web_Cookbook_Dev.fp7','WebLogin');
>         $lookup->SetDBPassword('xxxxxx','xxxxxxxx');
>         $lookup->AddDBParam('Username', $username, 'eq');
>         $lookup->AddDBParam('Password', $password, 'eq');
>         $lookupResult=$lookup->FMFind();
>         $foundResult=$lookupResult['foundCount'];
>
>
> I'm sorry if this has been covered - I searched the archives but I
> didn't find anything.
>
> Is there a way I can modify this search syntax so * can't be used for
> username and password to log in?
>
> Wow - I never realized this was a possibility... I just randomly tried
> it this morning and was shocked at the result...
>
> Thanks in advance!
>
> Alex
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
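
One way to close the hole described in the quoted message, as an added example that is not part of the original thread or of FX.php: escape FileMaker find operators before the values reach `AddDBParam`, then accept the login only if exactly one record came back and its stored values equal the submitted ones. The function names, the flattened record shape and the ASCII operator set are assumptions; backslash is FileMaker's find-mode escape character.

```php
<?php
// Added example; function names and the sample record are hypothetical.

// Backslash-escape characters FileMaker interprets as find operators, so "*"
// is searched for literally. Assumption: the ASCII operator set listed here.
function fm_escape_find(string $value): string
{
    return preg_replace('/([\\\\*@#=!<>"~?\/.])/', '\\\\$1', $value);
}

// Accept a login only if exactly one record was found and its stored values
// equal the submitted ones byte for byte. A wildcard hit fails this check
// even if the escaping above were bypassed or incomplete.
function login_matches(array $records, string $username, string $password): bool
{
    if ($username === '' || $password === '' || count($records) !== 1) {
        return false;
    }
    $record = reset($records);
    return hash_equals((string) $record['Username'], $username)
        && hash_equals((string) $record['Password'], $password);
}

// Constructed record standing in for what the find returns when "*" matches
// the latest registered user (flattened to field => value for the example).
$found = [['Username' => 'alex', 'Password' => 'constructed-secret']];

// The escaped strings are what would be passed to AddDBParam(..., 'eq').
var_dump(fm_escape_find('*'));
var_dump(fm_escape_find('alex@example.com'));

// Wildcard login is rejected, the genuine credentials are accepted.
var_dump(login_matches($found, '*', '*'));
var_dump(login_matches($found, 'alex', 'constructed-secret'));

// More than one matching record is never a valid login.
var_dump(login_matches(array_merge($found, $found), 'alex', 'constructed-secret'));
```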

